public void CloudQueueMessageValidateEncryption()
{
// Create the Key to be used for wrapping.
SymmetricKey aesKey = new SymmetricKey("symencryptionkey");
CloudQueueClient client = GenerateCloudQueueClient();
string name = GenerateNewQueueName();
CloudQueue queue = client.GetQueueReference(name);
try
{
queue.CreateIfNotExists();
byte[] messageBytes = new byte[100];
Random rand = new Random();
rand.NextBytes(messageBytes);
string inputMessage = Convert.ToBase64String(messageBytes);
CloudQueueMessage message = new CloudQueueMessage(inputMessage);
queue.EncodeMessage = false;
QueueEncryptionPolicy policy = new QueueEncryptionPolicy(aesKey, null);
QueueRequestOptions options = new QueueRequestOptions()
{
EncryptionPolicy = policy
};
// Add message
queue.AddMessage(message, null, null, options, null);
// Retrieve message without decrypting
CloudQueueMessage retrMessage = queue.GetMessage(null, null, null);
// Decrypt locally
CloudQueueMessage decryptedMessage;
CloudQueueEncryptedMessage encryptedMessage = JsonConvert.DeserializeObject <CloudQueueEncryptedMessage>(retrMessage.AsString);
EncryptionData encryptionData = encryptedMessage.EncryptionData;
byte[] contentEncryptionKey = aesKey.UnwrapKeyAsync(encryptionData.WrappedContentKey.EncryptedKey, encryptionData.WrappedContentKey.Algorithm, CancellationToken.None).Result;
using (AesCryptoServiceProvider myAes = new AesCryptoServiceProvider())
{
myAes.Key = contentEncryptionKey;
myAes.IV = encryptionData.ContentEncryptionIV;
byte[] src = Convert.FromBase64String(encryptedMessage.EncryptedMessageContents);
using (ICryptoTransform decryptor = myAes.CreateDecryptor())
{
decryptedMessage = new CloudQueueMessage(decryptor.TransformFinalBlock(src, 0, src.Length));
}
}
TestHelper.AssertBuffersAreEqual(message.AsBytes, decryptedMessage.AsBytes);
}
finally
{
queue.DeleteIfExists();
}
}
private void DoCloudQueueAddUpdateEncryptedMessage(IKey key, DictionaryKeyResolver keyResolver)
{
CloudQueueClient client = GenerateCloudQueueClient();
string name = GenerateNewQueueName();
CloudQueue queue = client.GetQueueReference(name);
try
{
queue.CreateIfNotExists();
string messageStr = "salam";//s Guid.NewGuid().ToString();
CloudQueueMessage message = new CloudQueueMessage(messageStr);
QueueEncryptionPolicy policy = new QueueEncryptionPolicy(key, null);
// Add message
QueueRequestOptions createOptions = new QueueRequestOptions()
{
EncryptionPolicy = policy
};
queue.AddMessage(message, null, null, createOptions, null);
// Retrieve message
QueueEncryptionPolicy retrPolicy = new QueueEncryptionPolicy(null, keyResolver);
QueueRequestOptions retrieveOptions = new QueueRequestOptions()
{
EncryptionPolicy = retrPolicy
};
CloudQueueMessage retrMessage = queue.GetMessage(null, retrieveOptions, null);
Assert.AreEqual(messageStr, retrMessage.AsString);
// Update message
string updatedMessage = Guid.NewGuid().ToString("N");
retrMessage.SetMessageContent(updatedMessage);
queue.UpdateMessage(retrMessage, TimeSpan.FromSeconds(0), MessageUpdateFields.Content | MessageUpdateFields.Visibility, createOptions, null);
// Retrieve updated message
retrMessage = queue.GetMessage(null, retrieveOptions, null);
Assert.AreEqual(updatedMessage, retrMessage.AsString);
}
finally
{
queue.DeleteIfExists();
}
}
public void CloudQueueAddUpdateEncryptedEncodedMessage()
{
// Create the Key to be used for wrapping.
SymmetricKey aesKey = new SymmetricKey("symencryptionkey");
CloudQueueClient client = GenerateCloudQueueClient();
string name = GenerateNewQueueName();
CloudQueue queue = client.GetQueueReference(name);
try
{
queue.CreateIfNotExists();
byte[] messageBytes = new byte[100];
Random rand = new Random();
rand.NextBytes(messageBytes);
string inputMessage = Convert.ToBase64String(messageBytes);
CloudQueueMessage message = new CloudQueueMessage(inputMessage);
queue.EncodeMessage = false;
QueueEncryptionPolicy policy = new QueueEncryptionPolicy(aesKey, null);
QueueRequestOptions options = new QueueRequestOptions()
{
EncryptionPolicy = policy
};
// Add message
queue.AddMessage(message, null, null, options, null);
// Retrieve message
CloudQueueMessage retrMessage = queue.GetMessage(null, options, null);
Assert.AreEqual(inputMessage, retrMessage.AsString);
}
finally
{
queue.DeleteIfExists();
}
}
public void CloudQueueMessageEncryptionWithStrictMode()
{
// Create the Key to be used for wrapping.
SymmetricKey aesKey = new SymmetricKey("symencryptionkey");
// Create the resolver to be used for unwrapping.
DictionaryKeyResolver resolver = new DictionaryKeyResolver();
resolver.Add(aesKey);
CloudQueueClient client = GenerateCloudQueueClient();
string name = GenerateNewQueueName();
CloudQueue queue = client.GetQueueReference(name);
try
{
queue.CreateIfNotExists();
string messageStr = Guid.NewGuid().ToString();
CloudQueueMessage message = new CloudQueueMessage(messageStr);
QueueEncryptionPolicy policy = new QueueEncryptionPolicy(aesKey, null);
// Add message with policy.
QueueRequestOptions createOptions = new QueueRequestOptions()
{
EncryptionPolicy = policy
};
createOptions.RequireEncryption = true;
queue.AddMessage(message, null, null, createOptions, null);
// Set policy to null and add message while RequireEncryption flag is still set to true. This should throw.
createOptions.EncryptionPolicy = null;
TestHelper.ExpectedException <InvalidOperationException>(
() => queue.AddMessage(message, null, null, createOptions, null),
"Not specifying a policy when RequireEnryption is set to true should throw.");
// Retrieve message
QueueEncryptionPolicy retrPolicy = new QueueEncryptionPolicy(null, resolver);
QueueRequestOptions retrieveOptions = new QueueRequestOptions()
{
EncryptionPolicy = retrPolicy
};
retrieveOptions.RequireEncryption = true;
CloudQueueMessage retrMessage = queue.GetMessage(null, retrieveOptions, null);
// Update message with plain text.
string updatedMessage = Guid.NewGuid().ToString("N");
retrMessage.SetMessageContent(updatedMessage);
queue.UpdateMessage(retrMessage, TimeSpan.FromSeconds(0), MessageUpdateFields.Content | MessageUpdateFields.Visibility);
// Retrieve updated message with RequireEncryption flag but no metadata on the service. This should throw.
TestHelper.ExpectedException <StorageException>(
() => queue.GetMessage(null, retrieveOptions, null),
"Retrieving with RequireEncryption set to true and no metadata on the service should fail.");
// Set RequireEncryption to false and retrieve.
retrieveOptions.RequireEncryption = false;
queue.GetMessage(null, retrieveOptions, null);
}
finally
{
queue.DeleteIfExists();
}
}